Bitrix · Bitrix24 · CVE-2020-13758
**Name of the Vulnerable Software and Affected Versions**
Bitrix24 versions through 20.0.950
**Description**
The post_filter.php file of the Web Application Firewall allows XSS when %00 is placed before the payload.
**Recommendations**
For versions through 20.0.950, update to a version that contains a fix for this issue to prevent potential XSS attacks.
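
To check whether requests of the kind described above have reached a server, access logs can be searched for percent-encoded NUL bytes, including double-encoded ones. This is an added example, not part of the advisory and not Bitrix code; the log format, the sample lines and the function names are assumptions, and it inspects only the request line, since request bodies do not appear in access logs.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample access-log lines (common log format, not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jun/2020:10:00:00 +0000] "GET /index.php?q=hello HTTP/1.1" 200 512
203.0.113.9 - - [01/Jun/2020:10:00:04 +0000] "GET /index.php?q=%00PLACEHOLDER HTTP/1.1" 200 498
203.0.113.9 - - [01/Jun/2020:10:00:09 +0000] "GET /search/?s=%2500PLACEHOLDER HTTP/1.1" 200 530
198.51.100.7 - - [01/Jun/2020:10:01:00 +0000] "GET /docs/100%25-guide?id=7 HTTP/1.1" 200 1024
"""

# Matches the quoted request line: method, request target, protocol version.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Upper bound on repeated percent-decoding, so nested encodings
# (%2500 -> %00 -> NUL) are caught without looping indefinitely.
MAX_DECODE_ROUNDS = 3


def contains_encoded_nul(target: str) -> bool:
    """Return True if the request target holds a NUL byte after decoding."""
    data = target.encode("latin-1", "replace")
    for _ in range(MAX_DECODE_ROUNDS + 1):
        if b"\x00" in data:
            return True
        decoded = unquote_to_bytes(data)
        if decoded == data:  # nothing left to decode
            return False
        data = decoded
    return False


def find_nul_requests(log_text: str):
    """Return (client_ip, request_target) for every log line carrying a NUL."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if match and contains_encoded_nul(match.group("target")):
            hits.append((line.split(" ", 1)[0], match.group("target")))
    return hits


if __name__ == "__main__":
    for client, target in find_nul_requests(SAMPLE_LOG):
        print(f"NUL byte in request from {client}: {target}")
```

A legitimate literal percent sign (`%25` in the last sample line) is not flagged, because it never decodes to a NUL byte.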